There are several system components that do not output log entries in a unified format or method. Some of them output to files, while others use a pipe, or use a unix-stream. Some can even be configured to use a certain output method. The syslog-ng application can accept log entries from these output methods too.
The syslog-ng application supports the following source types:
internal()
The log messages of syslog-ng itself.
file()
This source is for log entries from a special file, like /proc/kmsg.
Note: A file source cannot be an ordinary text file, for example, one generated by httpd. However, it is possible to feed syslog-ng with messages from such a file indirectly. For this, a custom script is required, for example, a script that uses tail -f to transfer messages from the desired logfile to the logger utility.
pipe()
This source is for messages from a pipe.
unix_stream()
This source is for log entries from a connection-oriented socket.
unix_dgram()
This source is for log entries from connectionless sockets.
tcp()
Log entries from remote machines that use TCP for log entry submission.
Note: One of the advantages of syslog-ng over traditional syslog is that it can handle TCP connections.
By default, syslog-ng uses TCP port 514.
udp()
Log entries from remote machines that use UDP for log entry submission.
By default, syslog-ng uses UDP port 514.
systemd-journal()
This source is for collecting messages from the systemd-journal system log storage.
The most important sources when dealing with local components' log entries are probably unix_stream() and unix_dgram(), because the main system components, like the kernel and many of the daemon processes, use one of them for recording log events.
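
The note under file() describes relaying an ordinary text log to the logger utility with tail. The following script is an added example of such a relay, not part of the original documentation; it uses tail -F instead of tail -f so that it keeps following the file after rotation. The function names, the FOLLOW_CMD and LOGGER_CMD variables, and the path, tag and priority in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: relay an ordinary text log into syslog through logger(1).
# Assumed names (not from the documentation): FOLLOW_CMD, LOGGER_CMD,
# relay_log, valid_priority, and the path/tag/priority in the usage line.

# tail -n 0 starts at the end of the file, so a restart does not replay old
# lines; -F (GNU and BSD tail) reopens the file by name after log rotation.
FOLLOW_CMD="${FOLLOW_CMD:-tail -n 0 -F}"
LOGGER_CMD="${LOGGER_CMD:-logger}"

# Accept only facility.level pairs that logger understands, so a typo does
# not send the relayed messages under an unintended priority.
valid_priority() {
    case "${1%%.*}" in
        auth|authpriv|cron|daemon|ftp|lpr|mail|news|syslog|user|uucp|local[0-7]) ;;
        *) return 1 ;;
    esac
    case "${1#*.}" in
        emerg|alert|crit|err|warning|notice|info|debug) ;;
        *) return 1 ;;
    esac
}

# relay_log FILE TAG PRIORITY
# Every line appended to FILE becomes one syslog message carrying TAG, which
# syslog-ng then receives on its local socket source like any other message.
relay_log() {
    file=$1 tag=$2 prio=$3
    if ! valid_priority "$prio"; then
        echo "relay_log: invalid priority '$prio'" >&2
        return 2
    fi
    # $FOLLOW_CMD is left unquoted on purpose so its options split into words.
    $FOLLOW_CMD "$file" | $LOGGER_CMD -t "$tag" -p "$prio"
}

# Usage (constructed values):
#   sh relay.sh /var/log/httpd/access_log httpd local6.info
if [ "$#" -eq 3 ]; then
    relay_log "$@"
fi
```

The relayed lines originate from clients of the web server, so filters and destinations in syslog-ng should treat the message body as untrusted content and rely on the tag and facility set here to identify the origin.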
© 2021 BalaSys IT Security.